Israeli surveillance specialist NSO Group is once again the headlines after a group alleged its spyware has been used “to facilitate human rights violations around the world on a massive scale.”
The allegation comes from the Pegasus Project, which describes itself is a collaboration by more than 80 journalists from 17 media organisations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International.”
The group said that it has conducted “cutting-edge forensic tests on mobile phones to identify traces of the spyware.”
The NSO spyware in question is called Pegasus, which has been in the headlines before.
In December last year a report by Citizen Lab at the University of Toronto alleged that dozens of Al Jazeera journalists were allegedly hacked with the help of NSO spyware, reportedly by exploiting a vulnerability in the iPhone operating system.
NSO is also engaged in a legal battle with WhatsApp, after Facebook sued NSO in October 2019 and alleged it was behind the cyberattack in 2019 that infected devices with advanced surveillance hacks (reportedly from NSO) in May 2019.
NSO Group is in the business of developing surveillance tools that are intended for use by governments and law enforcement agencies.
It denied the WhatsApp compromise.
But the Pegaus Project alleges that the NSO spyware has been used against heads of state, activists and journalists, including Jamal Khashoggi’s family.
Washington Post journalist Jamal Khashoggi was a prominent critic of the Saudi government, and in October 2018, he was murdered in the Saudi consulate in Istanbul by agents of the Saudi government.
Even former Amazon CEO Jeff Bezos allegedly had his phone hacked, with one security expert telling Silicon UK last year that that hack had all the hallmarks of the Pegasus spyware,
But what exactly are the Pegaus Project alleging that NSO and its Pegasus spyware have done?
“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril,” Agnès Callamard, Secretary General of Amnesty International said.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology,” said Callamard. “While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations.”
“Clearly, their actions pose larger questions about the wholesale lack of regulation that has created a wild west of rampant abusive targeting of activists and journalists,” said Callamard. “Until this company and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer and use of surveillance technology.”
However NSO Group said it “firmly denies false claims” in the report.
“NSO Group firmly denies false claims made in your report, many of which are uncorroborated theories that raise serious doubts about the reliability of your sources, as well as the basis of your story,” the firm said.
“NSO Group has good reason to believe that claims that you have been provided with, are based on misleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers’ targets of Pegasus or any other NSO products,” said the firm.
“Such services are openly available to anyone, anywhere, and anytime, and are commonly used by governmental agencies for numerous purposes, as well as by private companies worldwide,” it added. “It is also beyond dispute that the data has many legitimate and entirely proper uses having nothing to do with surveillance or with NSO, so there can be no factual basis to suggest that a use of the data somehow equates to surveillance.”